Alabama Research and Education Network Introduction to IPv6 Internet and Technology for Education Statewide Network Provides Internet, Internet2 and Connectivity.

Alabama Research and Education NetworkIntroduction to IPv6

Internet and Technology for Education

Statewide Network Provides Internet,

Internet2 and Connectivity for K-12 and Higher Education 1

James Duncan, Senior Network [email protected]

DisclaimerIPv6 is a subject I could dedicate a day to and still not cover everything. The following is intended to be an abbreviated introduction.

Feel free to talk to me after class, but you may have to tell me when to stop talking.

…and contrary to popular opinion regarding IPv4, the sky is indeed NOT falling; but that doesn’t mean it won’t!

IPv4 Depletion and IPv6 Adoption Today

Community Use Slide DeckCourtesy of ARIN

History of the Internet Protocol• Internet Protocol version 4 (IPv4)

– Developed for the original Internet (ARPANET) in 1978– 4 billion addresses– Deployed globally & well entrenched – Allocated based on documented need

• Internet Protocol version 6 (IPv6)– Design began in 1993 when IETF forecasts showed IPv4

depletion between 2010 and 2017– 340 undecillion addresses– Completed, tested, and available since 1999– Used and managed similar to IPv4

4

IPv4 and IPv6 Comparison

5

IP version

IPv4 IPv6

Deployed 1981 1999

Address Size

32-bit number 128-bit number

Address Format

Dotted Decimal Notation: 192.0.2.76

Hexadecimal Notation: 2001:0DB8:0234:AB00:0123:4567:8901:ABCD

Number of Addresses

232 = 4,294,967,296 2128 = 340,282,366,920,938,463,463,374,607,431,768,211,456

Examples of Prefix Notation

192.0.2.0/2410/8

(a “/8” block = 1/256th of total IPv4 address space = 224 = 16,777,216 addresses)

2001:0DB8:0234::/48 2600:0000::/12

Regional IPv4 Depletion

• Each RIR will run out of IPv4 address space– APNIC reached its final /8 on 15 April 2011

– RIPE NCC reached its final /8 on 14 Sep 2012

– ARIN ??*

– LACNIC ??*

– AfriNIC ??*

*impossible to predict due to nature of requests

6

ARIN’s IPv4 InventoryARIN still has IPv4 addresses remaining

7

IPv4 inventory published on

ARIN’s website: www.arin.net

Updated daily @ 8PM ET

ARIN’s IPv4 Countdown Plan• Process for final IPv4 requests– Divided into 4 phases– Length of each could vary• Global policy to return space to IANA• Faster depletion due to:

– Large requests– Policy changes X.XX

https://www.arin.net/resources/request/ipv4_countdown.html

8

Interest in IPv6

ARIN IPv6 Address Requests

9

World IPv6 Launch

Many top websites, Internet service providers, and home networking equipment manufacturers permanently enabled IPv6 for their products and services on

6 June 2012

www.worldipv6launch.org

10

Status of IPv4 on AREN

• Large pool of unused IPv4 addresses

• Should be enough to manage until IPv6 transition is complete

• Restrictive policy for new IPv4 allocations

Status of IPv6 on AREN

IPv6 for AREN Clients• Standard allocation will be a /48• 65,536 /64 subnets

• Content Filter DOES NOT support IPv6 (yet)• BIG ISSUE• Erate & CIPA require filtering• Vendors need to see demand to implement IPv6

• AREN network equipment ready in most cases• Cisco 2900 or ME3400 are ready• Cisco 2800 or 2600 require upgrade• Cisco ASA 5500 may need memory upgrade• Which do you have? Email [email protected]

Prepare for IPv6

• The good news– Lots more addresses– IPv6 adoption = easier & more efficient

network management– Designed with security in mind

• The bad news– We’ve all got some work to do

14

Everyone needs an IPv6 Plan• Each organization

must decide on a unique IPv6 deployment plan right for them– Timeline will vary– Investment level will

vary

15

How can you get started?• Dual-Stack your networks

– IPv6 not backwards compatible with IPv4– Both will run simultaneously for years

• Servers must be reachable via both IPv4 and IPv6– Mail– Web– Applications

• Do you operate a website? - Ensure content will be available to all customers,

even new Internet users with an IPv6-only address

16

How can you prepare?• Talk to your ISP about IPv6 services

– You want access to the entire Internet

• ISPs must connect customers via IPv4-only, IPv4/IPv6, & Via IPv6-only

• Must plan for IPv4/IPv6 transition services

– Many transition technologies available

• Research options

• Make architectural decisions

17

What else can you do?

18

• Audit your equipment and software– Are your devices and applications IPv6

ready?

• Encourage vendors to support IPv6– If not already, when will IPv6 support be

part of their product cycle?

• Get training for your staff– Free resources available

AREN Support

• AREN FAQ & Common Pitfalls list started• Limited to AREN deployment experience • Please provide feedback to help us build this

• [email protected] setup to field questions about IPv6.

• When we find a content filter solution that supports IPv6, we will start encouraging K12 systems to connect to us with a dual stack.

Common Pitfalls

• Existing Firewall rules (IPv4) do NOT apply!

• IPv6 autoconfig will turn things on before you’re ready

• If you don’t implement DHCPv6, you can be tracked!

• Most OS’s use v6 by default. Mac OSX analyzes v6 and v4 to determine which is best. Can be difficult to troubleshoot.

More Common Pitfalls

• Try typing 2607:F808:0F00:F426:0FAA:0FCC:CC1E:0001 without making a typo. Now try finding that typo.

• Class Trivia Question:

What is the next IP address after

2607:F808::9That’s RIGHT!

2607:F808::A

Getting Started on your network

• Pick a small network to start with• AREN started with IPv6 in engineering offices• Pick a classroom without wireless that’s nearby?• Before deploying to a new area, bring equipment to this “test” area and make sure it works.

• Don’t fool yourself. When running a dual-stack, it’s hard to know if you’re using IPv6 or IPv4. Use tools like tcpdump and wireshark to be sure.

Madison County Schools IPv6

2607:F808:0000:0000:0000:0000:0000:0000

ARIN AssignedTo AREN

AREN Assigns To Our Clients

MCS Assigns To Schools

Assigned to devices on each LAN

Develop an Allocation Strategy2607:F808::/32 – AREN’s Address Space2607:F808::/48 – Madison County School’s allocation

2607:F808:0000:F00D/64 – The cafeteria subnet? You need a plan.

AREN IPv6 Allocation Strategy

2607:F808: 0 0 0 0:0000:0000:0000:0000:0000

Which region?0 = Huntsville4 = Birmingham8 = MontgomeryC = Mobile

…Makes route location and

aggregation easier.

What type of client?0 = K124 = Postsecondary6 = Other8 = College/Univ.C = Govt.F = AREN Internal…Makes content filter policies easier?

Assigned using modified bisection algorithm:

00 = First Assignment80 = Second Assignment40 = Third Assignment

C0 = Fourth Assignment…

Idea is reserve room for each client to grow their

space contiguously.

Good & Bad News

• Most servers and user equipment will self-assign an EIU-64 IPv6 address as soon as they hear an IPv6 router advertisement.

Good news: Easy to get everyone on IPv6 quickly

Bad news: One command on your router could open your entire network up to hackers if your firewall isn’t ready.

More Bad news: EIU-64 uses your MAC address. DHCPv6 is random and therefore less traceable and more secure.

User Device Support for IPv6

• If IPv6 is available, most user devices will prefer it over IPv4.

• Microsoft Windows - XP and newer support IPv6•XP requires a “netsh” command to get started

• Mac OSX supports IPv6• DHCPv6 not supported until 10.7 (Lion)• 10.7 (Lion) analyzes v4 versus v6 and takes the “better” path.

• Linux supports IPv6

Your IPv6 Check List

IPv6 address space

IPv6 connectivity (native or tunneled)

Operating systems, software, and network management tool upgrades

Router, firewall, and other hardware upgrades

IT staff and customer service training

27

Content Filter

Learn More

28

www.ARIN.net

www.GetIPv6.info

www.TeamARIN.net

http://www.InternetSociety.org/Deploy360/

http://www.NANOG.org/archives/

Thank YouJames Duncan

Senior Network EngineerAlabama Research and Education Network

800-338-8320 [email protected]

Email [email protected] if you have questions about connecting to AREN using IPv6